Legal Document

Privacy Policy

How Contexta Solutions Pvt. Ltd. collects, uses, protects, and manages your personal and health data.

Effective From: 10 March 2025 | Updated: 10 March 2025 | Jurisdiction: India | Version 1.0

This Privacy Policy applies to all users of Contexta — including clinic staff, doctors, and patients — who interact with our EMR platform, Patient Portal, and Growth Engine services. Please read it carefully before using our services.

1. About This Policy

This Privacy Policy describes how Contexta Solutions Pvt. Ltd. ("Contexta", "we", "us", or "our") collects, processes, stores, and protects information when you use our services, including:

  • Contexta EMR — Practice management platform for appointments, queues, tasks, and clinical workflows
  • Patient Portal — Patient-facing interface to access health records, appointments, and communications
  • Growth Engine — SEO and digital presence optimization for healthcare practices
  • contextaemr.com and all associated subdomains

This policy is compliant with the Information Technology Act, 2000, the IT (SPDI) Rules, 2011, and applicable guidelines from the Ministry of Health and Family Welfare, India.

By using any Contexta service, you signify your acceptance of this Privacy Policy. If you do not agree, please discontinue use of our services.

2. Who We Are

Contexta Solutions Pvt. Ltd. is a private limited company incorporated under the Companies Act, 2013, in India, providing practice management and digital health tools to clinics and healthcare providers across India.

Detail | Information
Company Name | Contexta Solutions Pvt. Ltd.
Operating Brand | Contexta / Contexta EMR
Country of Incorporation | India
Contact Email | contact@contextaemr.com
Services Covered | EMR, Patient Portal, Growth Engine

3. Data We Collect

3.1 Clinic / Healthcare Provider Data

  • Practice name, address, clinic registration details
  • Doctor/staff names, roles, contact numbers, and email addresses
  • Login credentials (email and encrypted passwords)
  • Subscription and billing information

3.2 Patient Data (entered by clinics through the EMR)

  • Name, age, gender, date of birth, contact number
  • Medical history, chief complaints, diagnoses
  • Prescriptions and medication records
  • Lab reports, scan reports, and attachments
  • Appointment history and visit notes

3.3 Website Visitor Data

  • Name and email address (from demo request / contact forms)
  • IP address and browser/device metadata
  • Usage data and navigation patterns (via cookies and analytics)

We do not sell, rent, or trade any personal or health data to advertisers, data brokers, or third parties for commercial purposes.

4. How We Use Your Data

  • To provide, operate, and improve our EMR, Patient Portal, and Growth Engine services
  • To manage clinic accounts, user authentication, and access control
  • To enable appointment booking, queue management, and patient communication
  • To send automated reminders and notifications via WhatsApp and SMS
  • To generate clinical summaries, analytics, and practice performance reports
  • To respond to support requests, queries, and grievances
  • To improve platform features through anonymised usage data and analytics
  • To comply with applicable legal obligations

5. Sensitive Health Data (SPDI)

Patient health records, prescriptions, diagnoses, and lab reports constitute Sensitive Personal Data or Information (SPDI) under Rule 3 of the IT (SPDI) Rules, 2011. We treat this data with the highest level of protection.
  • Consent: SPDI is collected only with the explicit consent of the patient or their authorised representative
  • Purpose Limitation: Used solely for healthcare delivery — never for advertising or resale
  • Encryption at Rest: AES-256 encryption for all stored health data
  • Encryption in Transit: All data transmitted via TLS/HTTPS
  • Access Controls: Role-based access — only authorised staff may access patient records
  • No Third-Party Commercial Access: SPDI is never shared for commercial purposes
  • Breach Notification: Affected parties notified as required under applicable law

6. Data Sharing

We do not share your personal data with third parties except in the following limited circumstances:

Recipient | Purpose | Safeguards
WhatsApp Business API | Appointment reminders and patient communications | Data processing agreement
Cloud Infrastructure | Hosting, storage, and database management | Data stored in India; contractual obligations
Legal Authorities | Compliance with court orders | Only upon valid legal demand; minimum disclosure

7. Data Security

  • Encryption at Rest — All stored data, including patient health records, is encrypted
  • Encryption in Transit — TLS encryption (HTTPS) for all communications
  • Role-Based Access Control (RBAC) — Users access only data relevant to their role
  • Secure Authentication — Password hashing and secure login mechanisms
  • Regular Security Reviews — Periodic vulnerability assessments
  • Access Logging — Logs of access to sensitive data for audit purposes

8. Data Retention

Data Type | Retention Period
Active clinic and patient records | Duration of subscription + 3 years after termination
Patient health records (SPDI) | Minimum 7 years from last consultation (MCI/NMC guidelines)
Communication logs (WhatsApp/SMS) | 2 years from date of communication
Website enquiry data | 2 years from submission
Audit and access logs | 3 years from date of log creation

9. Your Rights

  • Right to Access — Request a copy of the personal data we hold about you
  • Right to Correction — Request correction of inaccurate or incomplete data
  • Right to Withdrawal of Consent — Withdraw consent for processing of SPDI at any time
  • Right to Grievance Redressal — Raise a complaint with our Grievance Officer (see Section 14)

To exercise any of these rights, contact us at contact@contextaemr.com. We will respond within 30 days.

10. Cookies & Website Tracking

Cookie Type | Purpose | Control
Essential Cookies | Required for basic functionality and secure login | Cannot be disabled
Analytics Cookies | Understand how visitors interact with our website | Optional — can be declined
Preference Cookies | Remember user preferences | Optional — can be declined

11. Children's Privacy

Contexta's platforms are not directed at children below the age of 18 as independent users. However, clinics may manage health records of minor patients — in such cases, a parent or legal guardian provides consent. If you believe we have inadvertently collected data from a minor, contact us at contact@contextaemr.com.

12. Changes to This Policy

  • We will update the "Last Updated" date at the top of this page
  • We will notify registered clinic accounts via email at least 7 days before changes take effect
  • For significant changes affecting SPDI processing, we will seek fresh consent where required

13. Grievance Officer

In accordance with the SPDI Rules, 2011, we have appointed a Grievance Officer to address complaints regarding the processing of your personal data:

Rajitha Jaishetty

Grievance Officer & Co-Founder, Contexta Solutions Pvt. Ltd.

Email: contact@contextaemr.com

Company: Contexta Solutions Pvt. Ltd., India

We will acknowledge your grievance within 48 hours and resolve it within 30 days.

14. Governing Law & Jurisdiction

This Privacy Policy is governed by the laws of the Republic of India. Applicable laws include:

  • The Information Technology Act, 2000 and rules thereunder
  • The IT (SPDI) Rules, 2011
  • The Digital Personal Data Protection Act, 2023 (to the extent notified)
  • Applicable guidelines from the Ministry of Health and Family Welfare, India